[Openswan Users] Re: can't see tunnel is up

Tan Weng Leong wltan at eb.com.my
Thu May 19 11:20:48 CEST 2005


My ipsec.conf configuration is as follows:

config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       interfaces="ipsec0=eth0"
       klipsdebug=all
       plutodebug=all
       uniqueids=yes
conn net
   type=tunnel
   authby=rsasig
   left=10.150.15.34
   leftsubnet=192.168.1.0/24
   leftnexthop=10.150.15.200
   leftrsasigkey=0sAQNzpXyENs0................
   right=10.150.15.200
   rightsubnet=192.168.2.0/24
   rightnexthop=10.150.15.34
   rightrsasigkey=0sAQOcGq..............
   #esp=3des-md5-96
   keyexchange=ike
   auto=add
   pfs=yes 

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf 


When I type ipsec auto --up net I have the following:

104 "net" #1: STATE_MAIN_I1: initiate
003 "net" #1: received Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "net" #1: received Vendor ID payload [Dead Peer Detection]
106 "net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "net" #1: STATE_MAIN_I4: ISAKMP SA established
117 "net" #2: STATE_QUICK_I1: initiate
004 "net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x537d7c90 <0xeab7c0c4 xfrm=AES_0-HMAC_SHA1}

I type ipsec look and have the following:

VPN Thu May 19 09:40:30 MYT 2005
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
egrep: /proc/net/ipsec_tncfg: No such file or directory
sort: open failed: /proc/net/ipsec_spi: No such file or directory
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.150.1.34     0.0.0.0         UG        0 0          0 eth0
10.150.0.0      0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.2.0     10.150.15.200   255.255.255.0   UG        0 0          0 eth0

In /var/log/messages I have the following after I start the tunnel net:

May 19 09:35:34 VPN kernel: NET: Registered protocol family 15
May 19 09:35:34 VPN ipsec_setup: KLIPS ipsec0 on eth0 10.150.15.34/255.255.0.0 broadcast 10.150.255.255
May 19 09:35:34 VPN ipsec_setup: ...Openswan IPsec started
May 19 09:35:34 VPN ipsec_setup: Starting Openswan IPsec 2.3.1...
May 19 09:35:34 VPN ipsec_setup: insmod /lib/modules/2.6.5-1.358/kernel/net/key/af_key.ko

Please advise me on configuring Openswan, as I still get the following messages after I type service ipsec status:

IPsec running
pluto pid 8840
No tunnels up 

 

 

Paul Wouters writes: 

> On Wed, 18 May 2005, Tan Weng Leong wrote: 
> 
>> I have configured Openswan with the following setup:
>>
>> client A -----server A========Server B--------- client B
>>
>> I can ping from client A to client B and vice versa. When I type
>> service ipsec status I have the following messages:
>>   IPsec running
>>   pluto pid 6719
>>   No tunnels up
>> Can someone solve my problem? Thank you.
> 
> Check the logfiles for error messages. If you defined a connection and it
> does not work, it will have created an entry in the logs somewhere. 
> 
> Paul
 

